Proximity credential sharing

ABSTRACT

Techniques are disclosed relating to user authentication. In some embodiments, a first computing device receives, from a second computing device, a request for a user credential to be input into an authentication prompt associated with the second device. The first computing device determines a proximity associated with the second computing device based on a received wireless location beacon and, based on the request and the determined proximity, presents a selection prompt asking a user of the first computing device to select a user credential stored in the first computing device. The first computing device then provides the selected user credential to the second computing device to input into the authentication prompt. In some embodiments, the first computing device receives the wireless location beacon from a remote controller of the second computing device and determines a proximity based on a signal strength associated with the received location beacon.

The present application claims priority to U.S. Prov. Appl. No.62/679,905, filed Jun. 3, 2018, which is incorporated by referenceherein in its entirety.

BACKGROUND Technical Field

This disclosure relates generally to computing devices, and, morespecifically, to user authentication.

Description of the Related Art

Many online services typically ask a user to create a credential, suchas a username and password, when registering with a service in order tofacilitate a subsequent user authentication. A user may be tempted touse a short password or reuse the same password across services becauseit is easier to remember the password. These practices, however, canmake it easier to compromise a password and gain access to multipleaccounts of a user. To discourage this behavior, a computing device mayoffer to maintain a user's passwords. For example, many modern webbrowsers may detect when a user has entered a password into a webpageand offer to store it for use in a subsequent authentication with thewebpage.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating an example of a system forsharing credentials between devices.

FIG. 2 is a communication diagram illustrating an example of an exchangebetween devices sharing credentials.

FIGS. 3A-D illustrate various examples of prompts presented to a usersharing a credential between devices.

FIG. 4A-C are a flow diagrams illustrating exemplary methods for sharingcredentials.

FIG. 5 is a block diagram illustrating one embodiment of an exemplarycomputer system.

This disclosure includes references to “one embodiment” or “anembodiment.” The appearances of the phrases “in one embodiment” or “inan embodiment” do not necessarily refer to the same embodiment.Particular features, structures, or characteristics may be combined inany suitable manner consistent with this disclosure.

Within this disclosure, different entities (which may variously bereferred to as “units,” “circuits,” other components, etc.) may bedescribed or claimed as “configured” to perform one or more tasks oroperations. This formulation—[entity] configured to [perform one or moretasks]—is used herein to refer to structure (i.e., something physical,such as an electronic circuit). More specifically, this formulation isused to indicate that this structure is arranged to perform the one ormore tasks during operation. A structure can be said to be “configuredto” perform some task even if the structure is not currently beingoperated. A “computing device configured to present a prompt on display”is intended to cover a device, for example, that has display pipelinecircuitry and/or memory having program instructions executable by aprocessor to perform this function during operation, even if the devicein question is not currently being used (e.g., a power supply is notconnected to it). Thus, an entity described or recited as “configuredto” perform some task refers to something physical, such as a device,circuit, memory storing program instructions executable to implement thetask, etc. This phrase is not used herein to refer to somethingintangible. Thus, the “configured to” construct is not used herein torefer to a software entity such as an application programming interface(API).

The term “configured to” is not intended to mean “configurable to.” Anunprogrammed FPGA, for example, would not be considered to be“configured to” perform some specific function, although it may be“configurable to” perform that function and may be “configured to”perform the function after programming.

Reciting in the appended claims that a structure is “configured to”perform one or more tasks is expressly intended not to invoke 35 U.S.C.§ 112(f) for that claim element. Accordingly, none of the claims in thisapplication as filed are intended to be interpreted as havingmeans-plus-function elements. Should Applicant wish to invoke Section112(f) during prosecution, it will recite claim elements using the“means for” [performing a function] construct.

As used herein, the terms “first,” “second,” etc. are used as labels fornouns that they precede, and do not imply any type of ordering (e.g.,spatial, temporal, logical, etc.) unless specifically stated. Forexample, a mobile device may have a first credential and a secondcredential. The term “first” is not limited to the initial credential ofthe device. Accordingly, the term “first” may be used to refer to anycredential on the device.

As used herein, the term “based on” is used to describe one or morefactors that affect a determination. This term does not foreclose thepossibility that additional factors may affect a determination. That is,a determination may be solely based on specified factors or based on thespecified factors as well as other, unspecified factors. Consider thephrase “determine A based on B.” This phrase specifies that B is afactor is used to determine A or that affects the determination of A.This phrase does not foreclose that the determination of A may also bebased on some other factor, such as C. This phrase is also intended tocover an embodiment in which A is determined based solely on B. As usedherein, the phrase “based on” is thus synonymous with the phrase “basedat least in part on.”

DETAILED DESCRIPTION

The present disclosure describes embodiments in which a user may haveone or more authentication credentials stored on a first computingdevice but is interacting with a second computing device attempting toauthenticate the user. As will be described in greater detail below invarious embodiments, the second computing device may be configured tosend a request to nearby devices asking for them to supply a credentialassociated with a user authentication. In response to receiving thisrequest, the first device may present a prompt asking the user if he orshe would like to provide a stored credential to the second device. Forexample, in some embodiments, the second computing device may be a mediaplayer device presenting an authentication prompt on a television.Rather than entering a username and password manually via the device'sremote controller, a user's nearby mobile device, for example, maypresent a prompt asking the user to select a stored username andpassword to provide to the media player device.

In order to reduce the number of potential devices responding to thesecond device, in various embodiments, the second device may cause alocation beacon to be sent that is usable by nearby devices to determinea proximity to the second device. (As used herein, the term proximityrefers generally to any suitable metric indicative of distance betweentwo devices.) If a device determines that it is within a thresholdrange, it may prompt its user to select a credential to provide thesecond device. Otherwise, the device may ignore the request and notbother the user. Thus, a person located, for example, in the same roomas the media player device noted above may receive a prompt on his orher mobile device, but a person located in another room may not bebothered in spite of his or her mobile device receiving the credentialrequest. Still further, in some embodiments, the location beacon is sentfrom a remote controller of the second device as the remote controllermay be closer to the user being authenticated and thus allow for asmaller threshold range to be considered by nearby devices—thus reducingthe number of potentially responding devices and bothered users. Inother embodiments, however, the location beacon may be sent by thesecond device or another peripheral associated with the second device.

Turning now to FIG. 1, a block diagram of a credential sharing system 10is depicted. In the illustrated embodiment, system 10 includes a mediaplayer device 110 coupled to a display 120, a wireless remote controller130, and a mobile device 140. In some embodiments, system 10 may beimplemented differently than shown—e.g., display 120 may be integratedinto device 110, mobile device 140 may be one of a plurality of devices140, remote 130 may not be present, etc.

Media player device 110, in various embodiments, is a device configuredto present content on a display 120. In the illustrated embodiment, thiscontent may include various media played on display 120, which may be atelevision in some embodiments. Device 110, however, may correspond toany suitable computing device such as laptop or notebook computer,personal computer system, desktop computer, a server system, mainframecomputer system, tablet computer, handheld computer, workstation,network computer, a mobile phone, music player, personal data assistant(PDA), wearable device, internet of things (IoT) device, etc. In someembodiments, media player device 110 includes a wireless interfaceconfigure to communicate with a wireless remote controller 130 (orsimply remote 130), which may receive various input from and provideindications of the inputs to device 110 to control operation of device110. Remote 130 may support any of various wireless protocols such asinfrared (IR), Bluetooth™, Wi-Fi™, ultra-wide band (UWB), etc. Althoughvarious functionality will be described below with respect to remote130, this functionality may be performed by some other peripheral deviceassociated with device 110 such as a wireless keyboard, mouse, speaker,some other device paired to device 110, etc.

In some instances, media player device 110 may present an authenticationprompt 112 soliciting a credential for authenticating a user. In someembodiments, this prompt 112 is provided by an application executing ondevice and provided to authenticate with respect to a service. Thisservice may pertain to, for example, accessing content maintained by anapplication, enabling functionality of an application, logging into anapplication, etc. This service may also pertain to accessing informationlocated externally from media player device 110. For example, prompt 112may be presented by an application associated with a streaming serviceand executable to stream various video content to media player device110. In some embodiments, prompt 112 is presented by a web browserexecutable to render webpages on display 120—thus, authentication prompt112 may correspond to an authentication page for a website. In otherembodiments, device 110 may not present any prompt when soliciting acredential 144—e.g., device 110 may not have a display, device 110 maydetermine to forgo presenting a prompt 112 if a mobile device 140 with arelevant credential can be identified, etc.

Mobile device 140, in various embodiments, is configured to maintainvarious credentials 144, which may be relevant to authentication prompt112. These credentials 144 may include any suitable type of credentialsuch as a username and password, one-time password (OTP), personalidentification number (PIN), a digital signature generated by acryptographic key, authentication token, etc. Although described as amobile device 140, device 140 may correspond to any suitable device suchas those noted above with respect to media player device 110. As shownin FIG. 1, mobile device 140 may receive a credential request 114 alongwith a location beacon 132 and present a corresponding selection prompt142 for selecting a credential 144 to provide to media player device110.

In various embodiments, media player device 110 sends a credentialrequest 114 to one or more nearby devices in responsive to a userproviding some input to device 110 via remote 130. For example, a usermay navigate one or more menus depicted on display 120 resulting in thepresentation of authentication prompt 112, and request 114 may be sentin response to the user selecting a field in authentication prompt 112via remote 130. In some embodiments, request 114 may be sent as abroadcast (i.e., a communication not directed to any device inparticular) and may be generic advertisement for a credential 144 asinformation about the specific desired credential 144 may be conveyedlater once a secure connection is established with a device respondingto request 114. In other embodiments, however, request 114 may bedirected to one or more specific devices 140 and/or include additionalinformation about the desired credential 144 such as discussed belowwith respect to FIG. 2.

As noted above, location beacon 132 may be conveyed to nearby devices inorder for them to determine whether to respond to a credential request114. In various embodiments, mobile device 140 uses a location beacon132 to determine a proximity associated with media player device 110. Insome embodiments, this determination is includes receiving, from a radioof mobile device 140, an indication of the signal strength (e.g., arelative signal strength indication (RSSI)) associated with the receivedlocation beacon 132 and comparing the signal strength with a thresholdvalue. If the signal strength satisfies the threshold value (meaningmobile device 140 is in a sufficient range), device 140 may determine tonotify the user of device 140 about the request 114. If the signalstrength does not satisfy the threshold, mobile device 140 may determineto ignore the received request 114. In the illustrated embodiment,location beacon 132 is sent from remote 130 as it may allow a higherthreshold to be used since remote 130 may be closer to mobile device 140than media player device 110. In other embodiments, however, locationbeacon 132 may be conveyed by media player device 110 or some otherperipheral of device 110. For example, one or more other neighboringdevices may send a location beacon 132 to mobile device 140—or conveysome other form of location information such as a packet identifying alocation determined by one of the neighboring devices. These neighboringdevices may also any suitable radio access technology (RAT) such asinfrared (IR), Bluetooth™, Wi-Fi™, ultra-wide band (UWB), etc. In stillother embodiments, other techniques may be used to determine whether amobile device 140 is within a threshold range of media player device 110such as being able to access a common wireless access point (WAP) (orcommon Wi-Fi™ network), using global position system (GPS),usingcellular network connectivity, etc.

If mobile device 140 determines to notify the user of device 140 about arequest 114, device 140 may present one or more prompts to a user suchas a selection prompt 142. In various embodiments, selection prompt 142presents a list of credentials 144 stored on mobile device 140 andallows a user to select one of the credentials 144 to provide it tomedia player device 110. In some embodiments, selection prompt 142 mayfurther suggest a particular credential 144 determined to be relevant toauthentication prompt 112. In some embodiments, mobile device 140 alsopresents a device authentication prompt asking the user to supply aninput usable to authenticate mobile device 140 to media player device110. For example, in one embodiment, the prompt may ask a user to entercode depicted on display 120; however, other techniques may be used asdiscussed below. In some embodiments, mobile device 140 also performs alocal authentication of the user before permitting a credential 144 tobe provided media player device 110. Such an authentication may includeverifying a user's passcode, biometric, etc. Examples of various promptsthat may be presented by mobile device 140 are discussed in furtherdetail below with respect to FIGS. 3A-3D.

After a user has selected a credential 144 from selection prompt 142,mobile device 140 may provide the credential 144 to media player device110 as shown in FIG. 1. In various embodiments, in response to receivingcredential 144, media player device 110 may automatically populate oneor more fields in the authentication prompt 112 with the credential 144.In some embodiments, media player device 110 may further automaticallysubmit content of the populated one or more fields in response toreceiving credential 144. In other embodiments, however, a user may berequired to select a button using remote 130 to submit a credential 144.An exemplary exchange between devices 110, 130, and 140 is described ingreater detail below with respect to FIG. 2.

Turning now to FIG. 2, a communication diagram of an exchange 200 forsharing a credential 144 is depicted. In the illustrated embodiment,exchange 200 includes a discovery phase 202, pairing phase 204, andcredential communication phase 206. In other embodiments, exchange 200may be implemented differently—e.g., steps may be performed in adifferent order, concurrently, or omitted.

Discovery phase 202, in various embodiments, is the initial phase inwhich media player device 110 attempts to discover nearby devices, whichmay be interested in sharing a credential 144 with media player device110. In the illustrated embodiment, phase 202 begins at 210 with a userproviding an input to remote 130 that selects a field in authenticationprompt 112. In response to receiving an indication of this selection,media player device 110 broadcasts a credential request 114, which isreceived by mobile device 140 at 212. Media player device 110 also sendsa beacon instruction to remote 130 at 214 to cause remote 130 to startsending a location beacon 132 at 216. In response to receiving thebeacon 132, mobile device 140 performs an RSSI determination 218 inwhich mobile device 140 determines a proximity by comparing the RSSI ofthe received beacon 132 with a threshold value. If the RSSI is satisfiesthe threshold value, mobile device 140 presents an introduction promptat 220 (discussed below with respect to FIG. 3A) asking a user 201 if heor she wants to share a credential 144. If the user indicates in theaffirmative, an indication may be provided at 222 by mobile device 140to media player device 110, which sends an instruction to remote 130 todiscontinue sending a location beacon 132 at 224. Exchange 200 thenproceeds to pairing phase 204.

Pairing phase 204, in various embodiments, is an intermediary phase inwhich devices 110 and 140 authenticate one another and establish asecure communication channel. In the illustrated embodiment, phase 204begins at 226 with mobile device 140 presenting an device authenticationprompt (discussed below with respect to FIG. 3B) asking user 201 toinput authentication information, which is conveyed to media playerdevice 110 at 228 in order to authenticate mobile device 140 and mediaplayer device 110. In some embodiments, media player device 110 presentsa value on display 120, and the device authentication prompt asks user201 to input the value into the prompt; however, in other embodiments,other techniques may be used. After confirming the authenticationinformation, media player device 110 establishes a secure/encryptedchannel with mobile device 140 at 230 to protect subsequentcommunications between devices 110 and 140. In some embodiments, thismay include performing a Diffie-Hellman (DH) key exchange to establish acryptographic key for encrypting and decrypting subsequentcommunications. Exchange 200 then proceeds to credential communicationphase 206.

Credential communication phase 206, in various embodiments, is the lastphase in which a selected credential 144 is communicated. In theillustrated embodiment, phase 206 begins at 232 with media player device110 providing, via the secure channel, information about authenticationprompt 112 such as a service identifier and a credential type. Theservice identifier, in various embodiments, indicates a particularservice for which authentication prompt 112 is being presented.Accordingly, if a prompt 112 is being presented to authenticate for aservice associated with a website, the service identifier may identifythe particular website by specifying, for example, a domain, a uniformresource locator (URL), internet protocol (IP) address, etc. If prompt112 is being presented to authenticate for a service provided by anapplication executing on media player device 110, the service identifiermay identify the particular application by specifying, for example, thename of the application, the name of application's executable file, thedirectory path to the executable file, etc. The credential type, invarious embodiments, identifies the type of credential 144 beingsolicited by authentication prompt 112 such as a username and password,OTP, PIN, digital signature generated by a cryptographic key,authentication token, etc. At 234, mobile device 140 presents acredential selection prompt 142 (discussed below with respect to FIG.3C), which may include a suggested credential 144 determined to berelevant based on the information received at 232. In some embodiments,mobile device 140 may further authenticate user 201 by verifying auser's passcode, biometric, etc. before presenting the selection prompt142. Once user 201 has selected a credential 144 from the selectionprompt 142 at 236, mobile device 140 provides the selected credential144 at 238. In some embodiments, media player device 100 may send anacknowledgement at 240 that the credential 144 was successful receivedand a corresponding success prompt (discussed below with respect to FIG.3D) may be presented at 242 to user 201. At 244, media player device 110automatically fills one or more fields in authentication prompt 112 withthe contents of the credential 144. In embodiments in which a prompt 112is not presented, media player device 110 may convey the credential 144to the service attempting to authenticate the user in some other manner.

Turning now to FIG. 3A, a diagram of an introduction prompt 300 isdepicted. As noted above, introduction prompt 300 may be an initialprompt presented during discovery phase 202 and used to confirm that auser is interested in sharing a credential 144. In the illustratedembodiment, prompt 300 includes a “continue” button selectable by a userto indicate to the media player device 110 that he or she is interestedin sharing a credential 144. Otherwise, a user can select the “X” buttonto dismiss the prompt 300. In some embodiments, introduction prompt 300may be implemented different than shown—e.g., prompt 300 may be a bannerdescending from the top of the screen.

Turning now to FIG. 3B, a diagram of a device authentication prompt 310is depicted. As noted above, device authentication prompt 310 may bepresented during pairing phase 204 to authenticate mobile device 140 andmedia player device 110. In the illustrated embodiment, prompt 310 asksthe user to enter a four-digit value depicted on display 120 in order toauthenticate devices 110 and 140. Such an authentication may beperformed, for example, to prevent someone who not able to view display120 from interfering with media player device 110. In some embodiments,authentication prompt 310 is performed during each exchange 200. Inother embodiments, the authentication may be persisted across multipleexchanges 200—e.g., mobile device 140 may receive a token from mediaplayer device 110 to use in lieu of prompt 310.

In other embodiments, mobile device 140 and media player device 110 mayauthenticate differently than shown in FIG. 3B. For example, in someembodiments, media player device 110 may present a QR code, particlecloud, etc. on display 120, and prompt 310 may instruct the user tocapture it with a camera of mobile device 140. In some embodiments,media player device 110 may play a sound with a watermark, and mobiledevice 140 may capture the watermark via microphone of device 140 toauthenticate with media player device 110. In some embodiments, device110 and 140 may be authenticated based on both devices being registeredwith the same cloud-based user account.

Turning now to FIG. 3C, a diagram of a selection prompt 142 is depicted.As noted above, selection prompt 142 may be presented during thecredential selection phase 206 to allow a user to select a credential144 to provide to media player device 110. In the illustratedembodiment, selection prompt 142 presents a list of credentials 144maintained by mobile device 140 as well as a suggested credential 322.Accordingly, selecting the credential for apricot.com, for example, maycause media player device 110 to receive the credential 144 and topopulate the username field in prompt 112 of FIG. 1 with“jennyappleseed” and the password field with the corresponding password.In some embodiments, suggested credential 322 may be determined based oninformation received during phase 206 such as the service identifier andcredential type. In other embodiments, suggested credential 322 may bedetermined based on a most frequently used credential 144, last recentlyused credential 144, etc. If the depicted portion of the credential listdoes not include the desired credential, a user may scroll through thelist or enter an input into the depicted search field to search for thedesired credential. In the illustrated embodiment, selecting the ‘i’icon may allow a user to view additional information about thecredentials 144 such as the credential type, service identifier, etc.

Turning now to FIG. 3D, a diagram of a success prompt 330 is depicted.As noted above, success prompt 330 may be presented on mobile device 140during selection phase 206 in response to device 140 successfullysharing a credential 144 with media player device 110. In theillustrated embodiment, success prompt 330 announces the success of thecredential sharing and has a “Done” button to acknowledge the prompt. Insome embodiments, however, success prompt 330 may be implementeddifferently than shown—e.g., it may be banner dropping down from thetop, may not have an acknowledgment button, etc. In still otherembodiments, a success prompt 330 may not be presented.

Turning now to FIG. 4A, a flow diagram of a method 400 for sharing acredential is depicted. In some embodiments, method 400 is performed bya first computing device in possession of credential such as mobiledevice 140. In some embodiments, steps 405-420 may be performedconcurrently or in a different order than shown.

In step 405, a request (e.g., request 114) is received from a secondcomputing device (e.g., media player device 110) for a user credential(e.g., credential 144) to be input into an authentication prompt (e.g.,prompt 112) associated with the second computing device.

In step 410, a proximity associated with the second computing device isdetermined based on a received wireless location beacon (e.g., locationbeacon 132). In some embodiments, the first computing device receivesthe wireless location beacon from a remote controller (e.g., remote 130)of the second computing device, and determining the proximity includesdetermining a proximity to the remote controller based on a signalstrength associated with the received wireless location beacon. In someembodiments, the first computing device receives a relative signalstrength indication (RSSI) from a radio of the first computing devicethat received the wireless location beacon and compares the receivedRSSI with a threshold value.

In step 415, based on the request and the determined proximity, aselection prompt (e.g., selection prompt 142) is presented asking a userof the first computing device to select a user credential stored in thefirst computing device. In some embodiments, the first computing devicestores a plurality of user credentials in the first computing device,receives an indication of a desired user credential from the secondcomputing device, and based on the indication, selects one of theplurality of user credentials to suggest (e.g., credential suggestion322) to the user within the selection prompt. In some embodiments, theindication identifies an application executing on the second computingdevice. In some embodiments, the indication is a domain associated witha website being accessed by a web browser of the second computingdevice. In some embodiments, the indication is received after anencrypted channel has been established between the first computingdevice and the second computing device.

In step 420, the selected user credential is provided to the secondcomputing device to input into the authentication prompt. In someembodiments, the first computing device presents a prompt (e.g., deviceauthentication prompt 310) asking the user to supply an input usable toauthenticate the first computing device to the second computing device,and based on the input, establishes an encrypted channel (e.g., securechannel at 230) with the second computing device such that the selecteduser credential is provided via the encrypted channel. In someembodiments, the prompt asking the user to supply an input usable toauthenticate the first computing device asks the user to input a valuethat is depicted on a display (e.g., display 120) associated with thesecond computing device. In various embodiments, method 400 furtherincludes the first computing device receiving, from the second computingdevice, another request for a user credential to be input into anauthentication prompt and, in response to determining that the firstcomputing device is not proximal to a remote controller of the secondcomputing device, determining to ignore the other request.

Turning now to FIG. 4B, a flow diagram of a method 430 for sharing acredential is depicted. In some embodiments, method 430 is performed bya first computing device presenting an authentication prompt such asmedia player device 110. In some embodiments, steps 435-455 may bedifferently than shown—e.g., steps may be performed concurrently orsteps may be performed in a different order than shown, steps may beomitted such as steps 435 and 455, etc.

In step 435, an authentication prompt (e.g., prompt 112) asking for auser credential (e.g., credential 144) to authenticate a user ispresented. In some embodiments, the first computing device receives aninput from a remote controller (e.g., remote controller 130), determinesthat the input selects a field within the authentication prompt, and, inresponse to the determining, performs steps 440 and 445.

In step 440, a request (e.g., request 114) is sent for the usercredential to a second computing device (e.g., mobile device 140). Insome embodiments, the first computing device executes an applicationassociated with a streaming service, and the authentication prompt isusable to authenticate the user to the streaming service. In such anembodiment, the first computing device sends, to the second computingdevice, an indication (e.g., a service identifier at 232) of theapplication to cause the second computing device to suggest a usercredential (e.g., suggested credential 322) associated with theapplication for selection by the user. In some embodiments, the firstcomputing device presents a web page including the authentication promptand sends, to the second computing device, an indication (e.g., serviceidentifier at 232) of a domain name associated with the web page tocause the second computing device to suggest a user credential (e.g.,suggested credential 322) associated with the domain name for selectionby the user.

In step 445, the remote controller is instructed (e.g., via a beaconinstruction at 214) to send a location beacon (e.g., location beacon132) usable by the second computing device to determine whether tosolicit user input based on a threshold distance between the remotecontroller and the second computing device.

In step 450, a user credential selected by a user of the secondcomputing device is received from the second computing device. In someembodiments, method 430 includes the first computing device presenting aprompt specifying a value (e.g., authentication information at 228) forthe user to input into the second computing device to authenticate thesecond computing device and, in response to the user inputting the valueinto the second computing device (e.g., in device authentication prompt310), establishing a secure channel (e.g., a secure channel at 230) withthe second computing device to receive the selected user credential.

In step 455, one or more fields in the authentication prompt arepopulated (e.g., autofill at 244) with the received user credential. Insome embodiments, the first computing device automatically submits, toan authentication service, content of the populated one or more fieldsin response to receiving the selected user credential.

Turning now to FIG. 4C, a flow diagram of a method 460 for sharing acredential is depicted. In some embodiments, method 460 is performed bya remote controller such as remote controller 130.

In step 465, a remote controller of a media player device (e.g., mediaplayer device 110) receives a request (e.g., beacon instruction at 214)to broadcast a location beacon (e.g., location beacon 132) associatedwith an authentication prompt (e.g., prompt 112) presented by the mediaplayer device on a display (e.g., display 120). In some embodiments,method 460 includes the remote controller receiving, from a user, aninput selecting an authentication field in the authentication prompt andthe remote controller sending an indication of the input (e.g., fieldselection at 210) to the media player device. In such an embodiment, therequest to broadcast the location beacon is received in response tosending the indication of the input.

In step 470, the remote controller broadcasts, in response to therequest, the location beacon to a mobile device (e.g., mobile device140). In various embodiments, the location beacon is usable by themobile device to determine whether to provide a user selected credential(e.g., credential 144) to the media player device for input into one ormore fields of the authentication prompt. In some embodiments, a signalstrength associated with the broadcasted location beacon is used by themobile device to determine a proximity the remote controller, and themobile device determines whether to prompt a user to select the usercredential (e.g., via a selection prompt 142) based on the determinedproximity. In some embodiments, method 460 includes the remotecontroller receiving, from the media player device, an indication (e.g.,discontinue instruction at 224) that the mobile device has contacted themedia player device and, in response to the indication, the remotecontroller discontinuing broadcasting the location beacon.

Exemplary Computer System

Turning now to FIG. 5, a block diagram illustrating an exemplaryembodiment of a computing device 500, which may implement functionalityof devices 110-140, is shown. Device 500 may correspond to any suitablecomputing device such as those noted above with respect to FIG. 1. Inthe illustrated embodiment, device 500 includes fabric 510, processorcomplex 520, graphics unit 530, display unit 540, cache/memorycontroller 550, input/output (I/O) bridge 560. In some embodiments,elements of device 500 may be included within a system on a chip (SOC).

Fabric 510 may include various interconnects, buses, MUX's, controllers,etc., and may be configured to facilitate communication between variouselements of device 500. In some embodiments, portions of fabric 510 maybe configured to implement various different communication protocols. Inother embodiments, fabric 510 may implement a single communicationprotocol and elements coupled to fabric 510 may convert from the singlecommunication protocol to other communication protocols internally. Asused herein, the term “coupled to” may indicate one or more connectionsbetween elements, and a coupling may include intervening elements. Forexample, in FIG. 5, graphics unit 530 may be described as “coupled to” amemory through fabric 510 and cache/memory controller 550. In contrast,in the illustrated embodiment of FIG. 5, graphics unit 530 is “directlycoupled” to fabric 510 because there are no intervening elements.

In the illustrated embodiment, processor complex 520 includes businterface unit (BIU) 522, cache 524, and cores 526A and 526B. In variousembodiments, processor complex 520 may include various numbers ofprocessors, processor cores and/or caches. For example, processorcomplex 520 may include 1, 2, or 4 processor cores, or any othersuitable number. In one embodiment, cache 524 is a set associative L2cache. In some embodiments, cores 526A and/or 526B may include internalinstruction and/or data caches. In some embodiments, a coherency unit(not shown) in fabric 510, cache 524, or elsewhere in device 500 may beconfigured to maintain coherency between various caches of device 500.BIU 522 may be configured to manage communication between processorcomplex 520 and other elements of device 500. Processor cores such ascores 526 may be configured to execute instructions of a particularinstruction set architecture (ISA), which may include operating systeminstructions and/or application instructions to implement functionalitydescribed herein with respect to devices 110-140. These instructions maybe stored in computer readable medium such as a memory coupled to memorycontroller 550 discussed below.

Graphics unit 530 may include one or more processors and/or one or moregraphics processing units (GPU's). Graphics unit 530 may receivegraphics-oriented instructions, such as OPENGL®, Metal, or DIRECT3D®instructions, for example. Graphics unit 530 may execute specialized GPUinstructions or perform other operations based on the receivedgraphics-oriented instructions. Graphics unit 530 may generally beconfigured to process large blocks of data in parallel and may buildimages in a frame buffer for output to a display. Graphics unit 530 mayinclude transform, lighting, triangle, and/or rendering engines in oneor more graphics processing pipelines. Graphics unit 530 may outputpixel information for display images.

Display unit 540 may be configured to read data from a frame buffer andprovide a stream of pixel values for display. Display unit 540 may beconfigured as a display pipeline in some embodiments. Additionally,display unit 540 may be configured to blend multiple frames to producean output frame. Further, display unit 540 may include one or moreinterfaces (e.g., MIPI® or embedded display port (eDP)) for coupling toa user display (e.g., a touchscreen or an external display) such asdisplay 120.

Cache/memory controller 550 may be configured to manage transfer of databetween fabric 510 and one or more caches and/or memories. For example,cache/memory controller 550 may be coupled to an L3 cache, which may inturn be coupled to a system memory. In other embodiments, cache/memorycontroller 550 may be directly coupled to a memory. In some embodiments,cache/memory controller 550 may include one or more internal caches.Memory coupled to controller 550 may be any type of volatile memory,such as dynamic random access memory (DRAM), synchronous DRAM (SDRAM),double data rate (DDR, DDR2, DDR3, etc.) SDRAM (including mobileversions of the SDRAMs such as mDDR3, etc., and/or low power versions ofthe SDRAMs such as LPDDR4, etc.), RAMBUS DRAM (RDRAM), static RAM(SRAM), etc. One or more memory devices may be coupled onto a circuitboard to form memory modules such as single inline memory modules(SIMMs), dual inline memory modules (DIMMs), etc. Alternatively, thedevices may be mounted with an integrated circuit in a chip-on-chipconfiguration, a package-on-package configuration, or a multi-chipmodule configuration. Memory coupled to controller 550 may be any typeof non-volatile memory such as NAND flash memory, NOR flash memory, nanoRAM (NRAM), magneto-resistive RAM (MRAM), phase change RAM (PRAM),Racetrack memory, Memristor memory, etc. As noted above, this memory maystore program instructions executable by processor complex 520 to causedevice 500 to perform functionality described herein.

I/O bridge 560 may include various elements configured to implementuniversal serial bus (USB) communications, security, audio, and/orlow-power always-on functionality, for example. I/O bridge 560 may alsoinclude interfaces such as pulse-width modulation (PWM), general-purposeinput/output (GPIO), serial peripheral interface (SPI), and/orinter-integrated circuit (I2C), for example. Various types ofperipherals and devices may be coupled to device 500 via I/O bridge 560.For example, these devices may include various types of wirelessinterfaces (e.g., ones supporting Wi-Fi™, Bluetooth™, cellular, globalpositioning system, etc.), additional storage (e.g., RAM storage, solidstate storage, or disk storage), user interface devices (e.g., keyboard,microphones, speakers, etc.), etc.

Although specific embodiments have been described above, theseembodiments are not intended to limit the scope of the presentdisclosure, even where only a single embodiment is described withrespect to a particular feature. Examples of features provided in thedisclosure are intended to be illustrative rather than restrictiveunless stated otherwise. The above description is intended to cover suchalternatives, modifications, and equivalents as would be apparent to aperson skilled in the art having the benefit of this disclosure.

The scope of the present disclosure includes any feature or combinationof features disclosed herein (either explicitly or implicitly), or anygeneralization thereof, whether or not it mitigates any or all of theproblems addressed herein. Accordingly, new claims may be formulatedduring prosecution of this application (or an application claimingpriority thereto) to any such combination of features. In particular,with reference to the appended claims, features from dependent claimsmay be combined with those of the independent claims and features fromrespective independent claims may be combined in any appropriate mannerand not merely in the specific combinations enumerated in the appendedclaims.

Various embodiments described herein may gather and/or use dataavailable from specific and legitimate sources to improve the deliveryto users of invitational content or any other content that may be ofinterest to them. The present disclosure contemplates that, in someinstances, this gathered data may include personal information data thatuniquely identifies or can be used to identify a specific person. Suchpersonal information data can include demographic data, location-baseddata, online identifiers, telephone numbers, email addresses, homeaddresses, data or records relating to a user's health or level offitness (e.g., vital signs measurements, medication information,exercise information), date of birth, or any other personal information.

The present disclosure recognizes that the use of such personalinformation data, in the present technology, can be used to the benefitof users. For example, the personal information data can be used todeliver targeted content that may be of greater interest to the user inaccordance with their preferences. Accordingly, use of such personalinformation data enables users to have greater control of the deliveredcontent. Further, other uses for personal information data that benefitthe user are also contemplated by the present disclosure. For instance,health and fitness data may be used, in accordance with the user'spreferences to provide insights into their general wellness, or may beused as positive feedback to individuals using technology to pursuewellness goals.

The present disclosure contemplates that those entities responsible forthe collection, analysis, disclosure, transfer, storage, or other use ofsuch personal information data will comply with well-established privacypolicies and/or privacy practices. In particular, such entities would beexpected to implement and consistently apply privacy practices that aregenerally recognized as meeting or exceeding industry or governmentalrequirements for maintaining the privacy of users. Such informationregarding the use of personal data should be prominently and easilyaccessible by users, and should be updated as the collection and/or useof data changes. Personal information from users should be collected forlegitimate uses only. Further, such collection/sharing should occur onlyafter receiving the consent of the users or other legitimate basisspecified in applicable law. Additionally, such entities should considertaking any needed steps for safeguarding and securing access to suchpersonal information data and ensuring that others with access to thepersonal information data adhere to their privacy policies andprocedures. Further, such entities can subject themselves to evaluationby third parties to certify their adherence to widely accepted privacypolicies and practices. In addition, policies and practices should beadapted for the particular types of personal information data beingcollected and/or accessed and adapted to applicable laws and standards,including jurisdiction-specific considerations which may serve to imposea higher standard. For instance, in the US, collection of or access tocertain health data may be governed by federal and/or state laws, suchas the Health Insurance Portability and Accountability Act (HIPAA);whereas health data in other countries may be subject to otherregulations and policies and should be handled accordingly.

Despite the foregoing, the present disclosure also contemplatesembodiments in which users selectively block the use of, or access to,personal information data. That is, the present disclosure contemplatesthat hardware and/or software elements can be provided to prevent orblock access to such personal information data. For example, in the caseof advertisement delivery services, the present technology can beconfigured to allow users to select to “opt in” or “opt out” ofparticipation in the collection of personal information data duringregistration for services or anytime thereafter. In another example,users can select not to provide mood-associated data for targetedcontent delivery services. In yet another example, users can select tolimit the length of time mood-associated data is maintained or entirelyblock the development of a baseline mood profile. In addition toproviding “opt in” and “opt out” options, the present disclosurecontemplates providing notifications relating to the access or use ofpersonal information. For instance, a user may be notified upondownloading an app that their personal information data will be accessedand then reminded again just before personal information data isaccessed by the app.

Moreover, it is the intent of the present disclosure that personalinformation data should be managed and handled in a way to minimizerisks of unintentional or unauthorized access or use. Risk can beminimized by limiting the collection of data and deleting data once itis no longer needed. In addition, and when applicable, including incertain health related applications, data de-identification can be usedto protect a user's privacy. De-identification may be facilitated, whenappropriate, by removing identifiers, controlling the amount orspecificity of data stored (e.g., collecting location data at city levelrather than at an address level), controlling how data is stored (e.g.,aggregating data across users), and/or other methods such asdifferential privacy.

Therefore, although the present disclosure may broadly cover use ofpersonal information data to implement one or more various disclosedembodiments, the present disclosure also contemplates that the variousembodiments can also be implemented without the need for accessing suchpersonal information data. That is, the various embodiments of thepresent technology are not rendered inoperable due to the lack of all ora portion of such personal information data. For example, content can beselected and delivered to users based on aggregated non-personalinformation data or a bare minimum amount of personal information, suchas the content being handled only on the user's device or othernon-personal information available to the content delivery services.

What is claimed is:
 1. A non-transitory computer readable medium havingprogram instructions stored therein that are executable by a firstdevice to cause the first device to perform operations comprising:receiving, from a second device, a request for a user credential toinput into an authentication prompt associated with the second device;in response to receiving the request, determining a proximity associatedwith the second device based on a wireless location beacon received froma third device distinct from the first and second devices; determine,based on the determined proximity, whether to present a selection promptasking a user of the first device to select a user credential stored inthe first device; and in response to determining to present theselection prompt and the user selecting the user credential, providingthe selected user credential to the second device to input into theauthentication prompt.
 2. The computer readable medium of claim 1,wherein determining the proximity includes determining a proximity tothe third device based on a signal strength associated with the receivedwireless location beacon.
 3. The computer readable medium of claim 2,wherein determining the proximity includes: receiving a relative signalstrength indication (RSSI) from a radio of the first device thatreceived the wireless location beacon; and comparing the received RSSIwith a threshold value.
 4. The computer readable medium of claim 1,wherein the operations comprise: presenting a prompt asking the user tosupply an input usable to authenticate the first device to the seconddevice; and based on the input, establishing an encrypted channel withthe second device, wherein the selected user credential is provided viathe encrypted channel.
 5. The computer readable medium of claim 4,wherein the prompt asking the user to supply an input usable toauthenticate the first device asks the user to input a value that isdepicted on a display associated with the second device.
 6. The computerreadable medium of claim 1, wherein the operations comprise: storing aplurality of user credentials in the first device; receiving anindication of a desired user credential from the second device; andbased on the indication, selecting one of the plurality of usercredentials to suggest to the user within the selection prompt.
 7. Thecomputer readable medium of claim 6, wherein the indication identifiesan application executing on the second device.
 8. The computer readablemedium of claim 6, wherein the indication is a domain associated with awebsite being accessed by a web browser of the second device.
 9. Thecomputer readable medium of claim 6, wherein the indication is receivedafter an encrypted channel has been established between the first deviceand the second device.
 10. The computer readable medium of claim 1,wherein the operations comprise: receiving, from the second device,another request for a user credential to be input into an authenticationprompt; and in response to determining that the first device is notproximal to a remote controller of the second device, determining toignore the other request.
 11. A first device, comprising: a wirelessinterface; one or more processors; and memory having programinstructions stored therein that are executable by the one or moreprocessors to cause the first device to perform operations including:sending a request for a user credential to a second computing device;instructing, via the wireless interface, a third device to send alocation beacon corresponding to the sent request, wherein the locationbeacon is usable by the second device to determine whether to solicituser input to select the requested user credential based on a thresholddistance between the third device and the second device; and in responseto the second device determining to solicit the user input based on thelocation beacon, receiving, from the second device, the user credentialselected by a user of the second device.
 12. The first device of claim11, wherein the operations include: presenting an authentication promptasking for the user credential to authenticate the user; and populatingone or more fields in the authentication prompt with the received usercredential.
 13. The first device of claim 12, wherein the operationsinclude: receiving an input from the third device; determining that theinput selects a field within the authentication prompt; in response tothe determining: sending the request for the user credential; andinstructing the third device to send the location beacon.
 14. The firstdevice of claim 13, wherein the operations include: presenting a promptspecifying a value for the user to input into the second computingdevice to authenticate the second device; and in response to the userinputting the value into the second device, establishing a securechannel with the second device to receive the selected user credential.15. The first device of claim 12, wherein the operations include:executing an application associated with a streaming service, whereinthe authentication prompt is usable to authenticate the user to thestreaming service; and sending, to the second device, an indication ofthe application to cause the second device to suggest a user credentialassociated with the application for selection by the user.
 16. The firstdevice of claim 12, wherein the operations include: presenting a webpage including the authentication prompt; and sending, to the seconddevice, an indication of a domain name associated with the web page tocause the second device to suggest a user credential associated with thedomain name for selection by the user.
 17. The first device of claim 12,wherein the operations include: automatically submitting, to anauthentication service, content of the populated one or more fields inresponse to receiving the selected user credential.
 18. A method,comprising: a remote controller of a media player device receiving arequest to broadcast a location beacon associated with a credentialrequest sent by the media player device for an authentication promptpresented by the media player device on a display; and in response tothe request, the remote controller broadcasting the location beacon to amobile device, wherein the location beacon is usable by the mobiledevice to determine whether to respond to the credential request byproviding a user selected credential to the media player device forinput into one or more fields of the authentication prompt.
 19. Themethod of claim 18, wherein a signal strength associated with thebroadcasted location beacon is used by the mobile device to determine aproximity to the remote controller, and wherein the mobile devicedetermines whether to prompt a user to select the credential based onthe determined proximity.
 20. The method of claim 18, furthercomprising: the remote controller receiving, from a user, an inputselecting an authentication field in the authentication prompt; and theremote controller sending an indication of the input to the media playerdevice, wherein the request to broadcast the location beacon is receivedin response to sending the indication of the input.
 21. The method ofclaim 18, further comprising: the remote controller receiving, from themedia player device, an indication that the mobile device has contactedthe media player device; and in response to the indication, the remotecontroller discontinuing broadcasting the location beacon.